CVE-2026-0726: High Vulnerability in Nexter Extension for WordPress

The Nexter Extension plugin for WordPress is affected by a high-severity PHP Object Injection vulnerability. This could allow unauthenticated attackers to exploit the flaw if certain conditions are met. Immediate action is advised to mitigate potential risks.

HIGH · CVSS 8.1 · Published January 20, 2026

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxt_unserialize_replace' function. This vulnerability allows unauthenticated attackers to inject a PHP Object. Notably, there is no known POP chain present in the vulnerable software, meaning this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site.

If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions such as deleting arbitrary files, retrieving sensitive data, or executing code, depending on the POP chain present. The CVSS score of 8.1 indicates that this is a high-severity vulnerability, and organizations should prioritize patching immediately.
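The following added example, which is not the plugin's code and not part of the original advisory, shows why deserializing untrusted input matters only when a class with magic methods is loaded, and how `allowed_classes` closes that path. It assumes PHP 7.4 or later; `DemoGadget`, `demo_replace`, `demo_has_object`, `demo_unserialize_replace` and the sample input are hypothetical and constructed for illustration.

```php
<?php
// Constructed stand-in for a class some other plugin or theme might define.
// Its magic method only records that it ran. All names here are hypothetical.
class DemoGadget {
    public static array $fired = [];
    public string $label = 'none';
    public function __wakeup(): void { self::$fired[] = $this->label; }
}

// Recursively replace $from with $to in strings and arrays; other types pass through.
function demo_replace(string $from, string $to, $value) {
    if (is_array($value)) {
        foreach ($value as $k => $v) { $value[$k] = demo_replace($from, $to, $v); }
        return $value;
    }
    return is_string($value) ? str_replace($from, $to, $value) : $value;
}

// True if any object (including __PHP_Incomplete_Class) appears in the value.
function demo_has_object($value): bool {
    if (is_object($value)) { return true; }
    if (is_array($value)) {
        foreach ($value as $v) { if (demo_has_object($v)) { return true; } }
    }
    return false;
}

// $harden = false: classes are instantiated during unserialize(), so magic methods run.
// $harden = true: no class is instantiated, and input containing objects is rejected.
function demo_unserialize_replace(string $from, string $to, string $raw, bool $harden) {
    $value = unserialize($raw, ['allowed_classes' => !$harden]);
    if ($harden && demo_has_object($value)) {
        throw new InvalidArgumentException('serialized objects are not accepted');
    }
    return demo_replace($from, $to, $value);
}

// Constructed input: an array carrying one serialized object.
$gadget = new DemoGadget();
$gadget->label = 'constructed';
$raw = serialize(['title' => 'old site', 'extra' => $gadget]);

$out = demo_unserialize_replace('old', 'new', $raw, false);
printf("unhardened: title=%s, magic methods fired=%d\n", $out['title'], count(DemoGadget::$fired));
DemoGadget::$fired = [];
try {
    demo_unserialize_replace('old', 'new', $raw, true);
} catch (InvalidArgumentException $e) {
    printf("hardened: rejected, magic methods fired=%d\n", count(DemoGadget::$fired));
}
```

Where only scalars and arrays are expected, a format that cannot carry objects (such as JSON) avoids the problem entirely.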

Given the potential for exploitation under specific conditions, organizations utilizing the Nexter Extension plugin should assess their environments for additional plugins or themes that may expose them to this risk. Proactive measures should be taken to secure their WordPress installations against possible attacks leveraging this vulnerability.

The plugin's status has been marked as deferred, indicating that while the vulnerability has been identified, it may not yet be addressed. Organizations should remain vigilant and monitor for any updates regarding this vulnerability.

Risk to organizations includes unauthorized access and potential data breaches, emphasizing the importance of updating and patching the affected software as soon as possible.

Organizations should address this vulnerability in their priority patch cycle to mitigate risks associated with potential exploitation.

For further details, organizations can refer to the official disclosure from Wordfence.

Monitoring for any signs of compromise related to this vulnerability is also critical.

The Nexter Extension plugin is widely used, and the implications of this vulnerability could have a significant impact on many WordPress installations.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
